luanti-org/luanti
1
0
Fork 0
mirror of https://github.com/luanti-org/luanti.git synced 2025-10-14 00:55:20 +02:00
Code Activity

Mod security: Allow read-only access to all mod paths

Browse Source
This commit is contained in:
ShadowNinja
2016-12-05 19:59:15 +00:00
committed by paramat
parent 24edfb77af
commit 59f84ca0a0
8 changed files with 90 additions and 42 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
src/script/cpp_api/s_security.h
View File

@@ -23,14 +23,18 @@ with this program; if not, write to the Free Software Foundation, Inc.,
#include "cpp_api/s_base.h"
#define CHECK_SECURE_PATH(L, path) \
if (!ScriptApiSecurity::checkPath(L, path)) { \
throw LuaError(std::string("Attempt to access external file ") + \
path + " with mod security on."); \
#define CHECK_SECURE_PATH_INTERNAL(L, path, write_required, ptr) \
if (!ScriptApiSecurity::checkPath(L, path, write_required, ptr)) { \
throw LuaError(std::string("Mod security: Blocked attempted ") + \
(write_required ? "write to " : "read from ") + path); \
}
#define CHECK_SECURE_PATH_OPTIONAL(L, path) \
#define CHECK_SECURE_PATH(L, path, write_required) \
if (ScriptApiSecurity::isSecure(L)) { \
CHECK_SECURE_PATH(L, path); \
CHECK_SECURE_PATH_INTERNAL(L, path, write_required, NULL); \
}
#define CHECK_SECURE_PATH_POSSIBLE_WRITE(L, path, ptr) \
if (ScriptApiSecurity::isSecure(L)) { \
CHECK_SECURE_PATH_INTERNAL(L, path, false, ptr); \
}
@@ -43,8 +47,9 @@ public:
static bool isSecure(lua_State *L);
// Loads a file as Lua code safely (doesn't allow bytecode).
static bool safeLoadFile(lua_State *L, const char *path);
// Checks if mods are allowed to read and write to the path
static bool checkPath(lua_State *L, const char *path);
// Checks if mods are allowed to read (and optionally write) to the path
static bool checkPath(lua_State *L, const char *path, bool write_required,
bool *write_allowed=NULL);
private:
// Syntax: "sl_" <Library name or 'g' (global)> '_' <Function name>